DuWayne Aikins Information Security Forum May 21, 2015
Cyber, A Militarized Domain: What it Means to Texas
Objective
The threat landscape
A closer look at China
Lessons learned
Demystify the Cyber Realm so that we can understand it and then do something about it.
Threat landscape
new pieces of malware are discovered...
of fortune 500 companies have admitted they've been hacked
of malicious hacks are for financial gain.
Threat landscape
• Internet of things
• Using internet enabled devices to operate our world.
• Shift from using the internet to communicate.
• With 40 billion new devices connecting to the internet in the next 5 years, devices will be communicating with themselves.
• Allows hackers to penetrate further into our lives.
Threat landscape
• Cyberspace, a Military Zone?
• 100 governments have created military units to fight and win cyber wars
• STUXNET
  • Computer worm designed to attack programmable logic controllers
  • Reportedly ruined almost one-fifth of Iran's nuclear centrifuges
• WIPER: Two destructive threads
  • Overwrites data
  • Interrupts execution processes
China along with ‘one or two’ other countries had the capability to successfully launch a cyber attack that could shut down the electric grid in parts of the United States.
U.S. adversaries are performing electronic ‘reconnaissance,’ on a regular basis so that they can be in a position to attack the industrial control systems that run everything from chemical facilities to water treatment plants.
—November 20, 2014 – Admiral Michael Rogers, Director National Security Agency (NSA)
NSA Director: China can damage US power grid
People’s Liberation Army, Unit 61398
May 2014: U.S. Justice Department indicted five members of the People’s Liberation Army (PLA) General Staff Department (GSD), Unit 61398
This unit was "assigned" to deploy a widespread spear-phishing (or "spearfishing") campaign to allegedly hack into leading US companies
Unit 61398 requires its personnel to be trained in computer security and computer network operations and also requires its personnel to be proficient in the English language
People’s Liberation Army, Unit 61398
Unit 61398 is partially situated on Datong Road (大同路) in Gaoqiaozhen (高桥镇), which is located in the Pudong New Area (浦东新区) of Shanghai (上海). The central building in this compound is a 130,663 square foot facility that is 12 stories high and was built in early 2007.
People’s Liberation Army, Unit 61398
• Since 2006, Mandiant has observed Unit 61398 compromise 141 companies spanning 20 major industries.
• Unit 61398 maintained access to victim networks for an average of 356 days. The longest time period Unit 61398 maintained access to a victim’s network was 1,764 days, or four years and ten months.
• Of the 141 APT1 victims, 87% of them are headquartered in countries where English is the native language.
• The industries APT1 targets match industries that China has identified as strategic to their growth, including four of the seven strategic emerging industries that China identified in its 12th Five Year Plan.
• WHAT DOES THIS IMPLY?
PLA GSD third department
• Located in Xianghongxi community in the western hills of Beijing‘s Haidian District.
• Manages a vast communications intercept infrastructure and cyber surveillance system.
• Targets foreign diplomatic communications, military activity, economic entities, public education institutions, and individuals of interest.
• Responsible for PLA Computer Network Defense (CND).
Lessons learned
1. Traditional Detection and Incident Response Methods are Proving Ineffective
• Organizations cannot stop every attack
• What have we learned from 9/11?
• What do examples like Target, Home Depot, and Ferguson MO teach us?
• Must be able to maneuver through the attacks
2. We are now operating in a Military Domain
• Texas is and will be a target; we must change the Culture of Blame
• Network Defense is Two-Fold:
  • First line of Defense is focused on Deterrence
  • Second line of Defense is focused on Incident Response
• Change from Remediation to Investigation
  • Who, What, When, Where, and WHY?